From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Thu, 14 Oct 2021 09:52:21 +0000 (+0200)
Subject: ntp: move authentication calls in transmit_packet()
X-Git-Tag: 4.2-pre1~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a80647fb44a733ba5895898003376c319aea888;p=thirdparty%2Fchrony.git

ntp: move authentication calls in transmit_packet()

Move the calls resetting and generating authentication data out of the
loop checking for unique TX timestamp. This allows the timestamps to be
manipulated after the check.
---

diff --git a/ntp_core.c b/ntp_core.c
index d113d226..1f11b2bf 100644
--- a/ntp_core.c
+++ b/ntp_core.c
@@ -1054,10 +1054,10 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
     UTI_ZeroNtp64(&message.receive_ts);
   }
 
-  do {
-    if (!parse_packet(&message, NTP_HEADER_LENGTH, &info))
-      return 0;
+  if (!parse_packet(&message, NTP_HEADER_LENGTH, &info))
+    return 0;
 
+  do {
     /* Prepare random bits which will be added to the transmit timestamp */
     UTI_GetNtp64Fuzz(&ts_fuzz, precision);
 
@@ -1072,20 +1072,6 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
     UTI_TimespecToNtp64(interleaved ? &local_tx->ts : &local_transmit,
                         &message.transmit_ts, &ts_fuzz);
 
-    /* Generate the authentication data */
-    if (auth) {
-      if (!NAU_GenerateRequestAuth(auth, &message, &info)) {
-        DEBUG_LOG("Could not generate request auth");
-        return 0;
-      }
-    } else {
-      if (!NAU_GenerateResponseAuth(request, request_info, &message, &info,
-                                    where_to, from, kod)) {
-        DEBUG_LOG("Could not generate response auth");
-        return 0;
-      }
-    }
-
     /* Do not send a packet with a non-zero transmit timestamp which is
        equal to any of the following timestamps:
        - receive (to allow reliable detection of the interleaved mode)
@@ -1097,6 +1083,20 @@ transmit_packet(NTP_Mode my_mode, /* The mode this machine wants to be */
            UTI_IsEqualAnyNtp64(&message.transmit_ts, &message.receive_ts,
                                &message.originate_ts, local_ntp_tx));
 
+  /* Generate the authentication data */
+  if (auth) {
+    if (!NAU_GenerateRequestAuth(auth, &message, &info)) {
+      DEBUG_LOG("Could not generate request auth");
+      return 0;
+    }
+  } else {
+    if (!NAU_GenerateResponseAuth(request, request_info, &message, &info,
+                                  where_to, from, kod)) {
+      DEBUG_LOG("Could not generate response auth");
+      return 0;
+    }
+  }
+
   if (request_info && request_info->length < info.length) {
     DEBUG_LOG("Response longer than request req_len=%d res_len=%d",
               request_info->length, info.length);